Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must log non-local maintenance and diagnostic sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000173-IDPS-000160 | SRG-NET-000173-IDPS-000160 | SRG-NET-000173-IDPS-000160_rule | Low |
| Description |
|---|
| Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what attempted to be done, where it was done, when it was done, and by whom in order to compile an accurate risk assessment. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. If events associated with a non-local administrative access or diagnostic session are not logged, a major tool for assessing and investigating attacks would not be available. This requirement pertains to the use of privileged access when using the GUI or SSH to connect non-locally for the purpose of diagnostic session on the servers and network elements. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43300_chk ) |
|---|
| Verify all sessions initiated using the GUI or SSH are logged in devices audit log. Examine the events in the audit log to see if diagnostic and maintenance sessions are annotated with a separate event code. If diagnostic and maintenance sessions are not identified in the audit logs, this is a finding. |
| Fix Text (F-43300_fix) |
|---|
| Configure the auditable events to capture all non-local sessions. Configure the auditable events to capture diagnostic and maintenance sessions. |